package org.spongycastle.jsse.provider;

import cz.msebera.android.httpclient.protocol.HTTP;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.jsse.BCSNIServerName;
import org.spongycastle.tls.Certificate;
import org.spongycastle.tls.CertificateRequest;
import org.spongycastle.tls.CertificateStatusRequest;
import org.spongycastle.tls.DefaultTlsClient;
import org.spongycastle.tls.DefaultTlsKeyExchangeFactory;
import org.spongycastle.tls.ProtocolVersion;
import org.spongycastle.tls.ServerName;
import org.spongycastle.tls.ServerNameList;
import org.spongycastle.tls.TlsAuthentication;
import org.spongycastle.tls.TlsCredentials;
import org.spongycastle.tls.TlsExtensionsUtils;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsServerCertificate;
import org.spongycastle.tls.TlsSession;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsCrypto;
import org.spongycastle.tls.crypto.TlsCryptoParameters;
import org.spongycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.spongycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.spongycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import org.spongycastle.util.IPAddress;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ProvTlsClient extends DefaultTlsClient implements ProvTlsPeer {
    public static Logger p = Logger.getLogger(ProvTlsClient.class.getName());
    public static final boolean q = PropertyUtils.a("jsse.enableSNIExtension", true);
    public final ProvTlsManager m;
    public final ProvSSLParameters n;
    public boolean o;

    public ProvTlsClient(ProvTlsManager provTlsManager) {
        super(provTlsManager.e().b(), new DefaultTlsKeyExchangeFactory(), new ProvDHConfigVerifier());
        this.o = false;
        this.m = provTlsManager;
        this.n = provTlsManager.d();
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public void F(ProtocolVersion protocolVersion) {
        String q2 = this.m.getContext().q(protocolVersion);
        if (q2 != null) {
            for (String str : this.n.g()) {
                if (q2.equals(str)) {
                    p.fine("Client notified of selected protocol version: " + q2);
                    return;
                }
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    @Override // org.spongycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean G() {
        return this.o;
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public short[] I() {
        return this.m.getContext().t() ? new short[]{0} : super.I();
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public TlsSession J() {
        return null;
    }

    @Override // org.spongycastle.tls.DefaultTlsClient, org.spongycastle.tls.TlsClient
    public int[] N() {
        return TlsUtils.R(this.m.e().b(), this.m.getContext().b(this.n.d()));
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public Hashtable Q() {
        Hashtable p2 = TlsExtensionsUtils.p(super.Q());
        if (q) {
            List<BCSNIServerName> i = this.m.d().i();
            if (i == null) {
                String peerHost = this.m.getPeerHost();
                if (peerHost != null && peerHost.indexOf(46) > 0 && !IPAddress.b(peerHost)) {
                    Vector vector = new Vector(1);
                    vector.addElement(new ServerName((short) 0, peerHost));
                    TlsExtensionsUtils.d(p2, new ServerNameList(vector));
                }
            } else if (!i.isEmpty()) {
                Vector vector2 = new Vector(i.size());
                for (BCSNIServerName bCSNIServerName : i) {
                    if (bCSNIServerName.b() == 0) {
                        vector2.addElement(new ServerName((short) bCSNIServerName.b(), new String(bCSNIServerName.a(), HTTP.ASCII)));
                    }
                }
                TlsExtensionsUtils.d(p2, new ServerNameList(vector2));
            }
        }
        return p2;
    }

    @Override // org.spongycastle.tls.AbstractTlsClient
    public CertificateStatusRequest V() {
        return null;
    }

    @Override // org.spongycastle.tls.AbstractTlsClient
    public ProtocolVersion W() {
        return this.m.getContext().p(this.n.g());
    }

    @Override // org.spongycastle.tls.AbstractTlsClient
    public Vector X() {
        if (!q) {
            return null;
        }
        List<BCSNIServerName> i = this.m.d().i();
        if (i == null) {
            String peerHost = this.m.getPeerHost();
            if (peerHost == null || peerHost.indexOf(46) <= 0 || IPAddress.b(peerHost)) {
                return null;
            }
            Vector vector = new Vector(1);
            vector.addElement(new ServerName((short) 0, peerHost));
            return vector;
        }
        Vector vector2 = new Vector(i.size());
        for (BCSNIServerName bCSNIServerName : i) {
            if (bCSNIServerName.b() == 0) {
                try {
                    vector2.addElement(new ServerName((short) bCSNIServerName.b(), new String(bCSNIServerName.a(), HTTP.ASCII)));
                } catch (UnsupportedEncodingException e) {
                    p.log(Level.WARNING, "Unable to include SNI server name", (Throwable) e);
                }
            }
        }
        if (vector2.isEmpty()) {
            return null;
        }
        return vector2;
    }

    @Override // org.spongycastle.tls.AbstractTlsClient
    public Vector Y() {
        return JsseUtils.j(C());
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public ProtocolVersion c() {
        return this.m.getContext().o(this.n.g());
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void g(short s, short s2, String str, Throwable th) {
        super.g(s, s2, str, th);
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        if (p.isLoggable(level)) {
            String e = JsseUtils.e("Client raised", s, s2);
            if (str != null) {
                e = e + ": " + str;
            }
            p.log(level, e, th);
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void m(short s, short s2) {
        super.m(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        if (p.isLoggable(level)) {
            p.log(level, JsseUtils.e("Client received", s, s2));
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public synchronized void q() {
        this.o = true;
        this.m.c(new ProvSSLConnection(this.c, this.m.e().a().c(this.c.b())));
    }

    @Override // org.spongycastle.tls.TlsClient
    public TlsAuthentication r() {
        return new TlsAuthentication() { // from class: org.spongycastle.jsse.provider.ProvTlsClient.1
            @Override // org.spongycastle.tls.TlsAuthentication
            public TlsCredentials a(CertificateRequest certificateRequest) {
                short[] c;
                Principal[] principalArr;
                int J = TlsUtils.J(ProvTlsClient.this.h);
                if (J != 1 && J != 3 && J != 5) {
                    if (J != 7 && J != 9) {
                        switch (J) {
                            case 16:
                            case 18:
                                break;
                            case 17:
                            case 19:
                                break;
                            default:
                                throw new TlsFatalAlert((short) 80);
                        }
                    }
                    return null;
                }
                X509KeyManager c2 = ProvTlsClient.this.m.e().c();
                if (c2 == null || (c = certificateRequest.c()) == null || c.length == 0) {
                    return null;
                }
                String[] strArr = new String[c.length];
                for (int i = 0; i < c.length; i++) {
                    strArr[i] = JsseUtils.f(c[i]);
                }
                Vector b = certificateRequest.b();
                if (b == null || b.size() <= 0) {
                    principalArr = null;
                } else {
                    Set<X500Principal> q2 = JsseUtils.q((X500Name[]) b.toArray(new X500Name[b.size()]));
                    principalArr = (Principal[]) q2.toArray(new Principal[q2.size()]);
                }
                String chooseClientAlias = c2.chooseClientAlias(strArr, principalArr, null);
                if (chooseClientAlias == null) {
                    return null;
                }
                TlsCrypto C = ProvTlsClient.this.C();
                if (!(C instanceof JcaTlsCrypto)) {
                    throw new UnsupportedOperationException();
                }
                PrivateKey privateKey = c2.getPrivateKey(chooseClientAlias);
                Certificate h = JsseUtils.h(C, c2.getCertificateChain(chooseClientAlias));
                if (privateKey == null || h.d()) {
                    return null;
                }
                if (J != 1 && J != 3 && J != 5) {
                    if (J != 7 && J != 9) {
                        switch (J) {
                            case 16:
                            case 18:
                                break;
                            case 17:
                            case 19:
                                break;
                            default:
                                throw new TlsFatalAlert((short) 80);
                        }
                    }
                    return new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) C, h, privateKey);
                }
                return new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(ProvTlsClient.this.c), (JcaTlsCrypto) C, privateKey, h, TlsUtils.l(ProvTlsClient.this.c, ProvTlsClient.this.e, TlsUtils.O(h.b(0).a())));
            }

            @Override // org.spongycastle.tls.TlsAuthentication
            public void b(TlsServerCertificate tlsServerCertificate) {
                if (tlsServerCertificate == null || tlsServerCertificate.a() == null || tlsServerCertificate.a().d()) {
                    throw new TlsFatalAlert((short) 40);
                }
                if (!ProvTlsClient.this.m.b(JsseUtils.k(ProvTlsClient.this.m.e().b(), tlsServerCertificate.a()), JsseUtils.g(TlsUtils.J(ProvTlsClient.this.h)))) {
                    throw new TlsFatalAlert((short) 42);
                }
            }
        };
    }

    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public void x(int i) {
        this.m.getContext().y(i);
        super.x(i);
        p.fine("Client notified of selected cipher suite: " + this.m.getContext().l(i));
    }
}
